A 29-year-old Iranian man has been charged with a $6 million extortion attempt against entertainment company HBO after he allegedly stole scripts for unaired episodes of the popular show "Game of Thrones" and other confidential information.

Behzad Mesri is accused of compromising accounts for HBO employees that allowed him to gain deep access into the company's systems. Mesri claimed to have obtained 1.5 terabytes of information, including unaired episodes of "Ballers," "Barry," "Room 104," "Curb Your Enthusiasm" and "The Deuce."

Mesri is charged with one count each of wire fraud, computer hacking and interstate transmission of extortionate communication and three counts of threatening to impair the confidentiality of information, according to the indictment, which was unsealed Tuesday in U.S. District Court for the Southern District of New York.

If convicted, Mesri could face a maximum of 24 years in prison. But Mesri lives in Iran, and the U.S. does not have an extradition treaty with the country.

"Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice," says Acting Manhattan U.S. Attorney Joon H. Kim.

The U.S. Department of Justice has increasingly issued indictments on computer hacking-related charges against those living in countries such as Russia or China, which also don't have extradition agreements with the U.S. Those indictments may never result in prosecutions if those accused stay in those places, but it also makes it difficult for them to travel to countries that do have agreements with the U.S.

Extortion Attempt

Source: FBI

The attack against HBO was one of several high-profile extortion attempts this year. The target of those schemes is confidential, sensitive or simply embarrassing data that is held for a ransom, usually payable in virtual currency.

Although the FBI advises against paying ransoms, in some cases, organizations view paying as a cost of doing business. But they're also hedging that a hacker who has committed a crime will uphold their end of the deal and not publicly release the data.

HBO's situation spilled out publicly. Mesri is alleged to have emailed the news media as he continued to pressure HBO into paying. A Twitter account was used to tease proof of the compromise. In early August, HBO disclosed that it had been targeted.

Mesri allegedly demanded $6 million in bitcoin, the virtual currency that has surged in price in recent weeks. Starting in May, Mesri compromised "multiple user accounts" and used the access to gain access to HBO's servers, according to the indictment.

After compromising the data, Mesri sent emails in late July to HBO executives, employees and others with a "non-negotiable" ransom demand, the indictment says. He also allegedly threatened to erase data on "80 terabyte hard drives."

Mesri allegedly sent an email to HBO executives claiming he had obtained scripts and final video files. According to the indictment, the email contained this image of the Night King from the series "Game of Thrones."

The incident for which Mesri has been charged is different from another one that resulted in the release of one episode of "Game of Thrones."

On Aug. 15, police in India arrested four men, three current and one former employee who worked for Prime Focus Technologies, in connection with that separate incident. That company was a contractor of Star India, a broadcasting company that carries HBO programming. The men were accused of using their insider access to steal the episode (see Authorities: 4 Insiders Leaked 'Game of Thrones' Episode).

Website Defacements

U.S. prosecutors alleged that Mesri was part of an Iran-based hacking group called the Turk Black Hat Security team. That group defaced websites, and Mesri is believed to have used the pseudonym "Skote Vahshat."

Prosecutors also believe Mesri did work for the Iranian government, which experts say has well-developed offensive cyber capabilities.

"Mesri was a self-professed expert in computer hacking techniques and had worked on behalf of the Iranian military to conduct computer network attacks that targeted military systems, nuclear software systems and Israeli infrastructure," the indictment reads.

Source: Department of Justice

Sour Deals

HBO didn't pay the ransom and now has seen an indictment get lodged against the alleged perpetrator. Other entertainment companies, however, haven't been so lucky.

The post-production facility Larsen Studios in Hollywood saw its systems get breached in December 2016. The attackers identified themselves as being part of The Dark Overlord hacking group. As reported by Variety, Larsen gave the attackers $50,000 in bitcoins in an attempt to satisfy their demands.

But the group failed to honor its agreements, claiming that it discovered Larsen Studios had been in contact with the FBI, and then released some of the stolen data. That included season five for the hit Netflix TV series "Orange Is the New Black," which had yet to be released.

About the Author

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.